Re: [nanog] Cisco GLBP/HSRP question -- Has it ever been dis

[Grant Taylor via NANOG]

On 8/5/19 1:17 PM, Vincentz Petzholtz wrote:
And as far as I remember: If a member fails then another one is taking 
over responsibility over the used mac address.


That's my understanding as well.

It surprised me a little bit that this never really taken off (not 
even within Cisco folks in the enterprise field as far as I know).


The few times that it's been discussed with colleagues has usually run 
into an issue of "how do we do GLBP between two L3 switches?".


I get the impression that GLBP would be more likely used with separate 
routers connected to common switches that didn't do L3 switching.


I was also keen if/when this ever get available on other vendors 
and/or open source software.


Agreed.

I did some sleuthing and just learned that OpenBSD's Common Address 
Redundancy Protocol (also ported to other *BSDs and Linux) does support 
an active/active configuration.


I found some details in FreeBSD's carp(4) man page.  Search said page 
for "net.inet.carp.arpbalance".


So … I'm going to need to do some pontification about CARP.  }:-)

Just as everybody else we do run two VRRP instances with ECMP style 
routes on datacenter gear a lot.


I see VRRP used a lot as a way to move VIPs between servers for similar 
redundancy reasons.


But in some situations it would be nice to have something to spread 
the traffic across different routers (even when the client is too 
„dump“ for ecmp routes).


Yep.  Cisco's GLBP can do that.  I now know that OpenBSD's CARP can do 
that too.  (#todayilearned)




--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: What can ISPs do better? Removing racism out of internet

[Valdis Klētnieks]

On Tue, 06 Aug 2019 02:27:30 -, Mel Beckman said:

> A CDN is very much an ISP. It is providing transport for its customers from
> arbitrary Internet destinations, to the customer’s content. The caching 
> done by
> a CDN is incidental to this transport, in accordance with the DMCA.

Just because the DMCA says it's incidental doesn't mean that covers all bases.

Go read up on the mess that covers warrants for e-mail contents - the rules are
different for on-the-wire intercepts, mail that's in the queue and not
delivered to a mailbox yet, mail that's been delivered to a mailbox and not
read, and mail that's been read by the user and left in the mailbox, and mail 
that
the user has read and downloaded to their personal computer.

Anybody who thinks "DMCA says we have a safe harbor" is the be-all and end-all
of it is in for a rude awakening.

And if you have an NSL show up on your desk, you're in for a whole different 
world of
hurt - even finding and hiring a lawyer can be a problem when you can't tell the
lawyer you have an NSL problem until after you've hired them to help with your 
NSL
problem.  But I guarantee that if you tell the person handing you the NSL "DMCA 
says
I have a safe harbor, get out of my office", your day will get even worse.


pgpqh1T2dwco1.pgp
Description: PGP signature

Apple AS714 - peering down on the East Coast?

[John Von Essen]

Starting around July 28th, I noticed a latency spike (70ms) on some of our 
traffic to Apple (mainly api.apple-mapkit.com) coming out of Virginia. This 
traffic usually always takes some local peering, and never is higher then 
10-15ms.

I checked from AWS backbone, Cogent, Zayo, Level3, all show 70+ ms from east 
coast.

I also noticed on bgp.he.net, Apple’s IPv4 peer list dropped from 307 to 275 
also on July 28-29th.

Anyone else who peers with Apple on the east coast seeing this? Is it an outage 
or planned maintenance?

Thanks
John

Re: What can ISPs do better? Removing racism out of internet

[Mel Beckman]

Valdis,

A CDN is very much an ISP. It is providing transport for its customers from 
arbitrary Internet destinations, to the customer’s content. The caching done by 
a CDN is incidental to this transport, in accordance with the DMCA. 

The alternative is that you believe CDNs are not protected by safe Harbor. Is 
that the case?

-mel via cell

> On Aug 5, 2019, at 4:02 PM, Valdis Klētnieks  wrote:
> 
> On Mon, 05 Aug 2019 20:40:43 -, Mel Beckman said:
>> The key misunderstanding on your part is the phrase “on your servers”. ISPs
>> acting as conduits do not, by definition (in the DMCA), store anything on
>> servers.
> 
> Note that ISPs whose business is 100% "acting as conduits" are in the 
> minority.
> 
> Hint:  The DMCA has the text about data stored on ISP servers because many 
> ISPs
> aren't mere conduits.  And this thread got started regarding a CDN, which is 
> very much
> all about storing data on servers.
> 

Re: MAP-E

[Mark Andrews]

> On 6 Aug 2019, at 9:05 am, Mark Tinka  wrote:
> 
> 
> 
> On 2/Aug/19 14:17, Baldur Norddahl wrote:
> 
>> 
>> 
>> The pricing on IPv4 is now at USD 20/address so I am thinking we are
>> forced to go the CGN route going forward. Of all the options, MAP-E
>> appears to be the most elegant. Just add/remove some more headers on a
>> packet and route it as normal. No need to invest in anything as our
>> core routers can already do that. No worries about scale.
> 
> Actually, I think NAT64/DNS64/464XLAT is the best option, because as
> more IPv4 falls away, you are automatically translating less and going
> native IPv6 more. And there is nothing for you to "turn off" or migrate
> away from after all is said & done.
> 
> Mark.

Which only applies to DNS64 and not 464XLAT.  That said, every IPv6 node
should be attempting to connect over IPv6 first.  That alone moves most of
the traffic to IPv6 regardless of the IPv4aaS method in use.  DNS64 also
breaks DNSSEC which is not a good thing.

DNS64 alone also depends on *everybody* having good (complete) IPv6 connectivity
and not leaving IPv6 breakages uncorrected.  There is no fallback to IPv4
with DNS64 alone.  If you also have 464XLAT with DNS64 then there is NO
DIFFERENCE to MAP-[ET] or DS-Lite in terms of traffic shifting to native IPv6.

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742  INTERNET: ma...@isc.org

Re: MAP-E

[Mark Tinka]

On 2/Aug/19 14:17, Baldur Norddahl wrote:

>
>
> The pricing on IPv4 is now at USD 20/address so I am thinking we are
> forced to go the CGN route going forward. Of all the options, MAP-E
> appears to be the most elegant. Just add/remove some more headers on a
> packet and route it as normal. No need to invest in anything as our
> core routers can already do that. No worries about scale.

Actually, I think NAT64/DNS64/464XLAT is the best option, because as
more IPv4 falls away, you are automatically translating less and going
native IPv6 more. And there is nothing for you to "turn off" or migrate
away from after all is said & done.

Mark.

Re: What can ISPs do better? Removing racism out of internet

[Valdis Klētnieks]

On Mon, 05 Aug 2019 20:40:43 -, Mel Beckman said:
> The key misunderstanding on your part is the phrase “on your servers”. 
> ISPs
> acting as conduits do not, by definition (in the DMCA), store anything on
> servers.

Note that ISPs whose business is 100% "acting as conduits" are in the minority.

Hint:  The DMCA has the text about data stored on ISP servers because many ISPs
aren't mere conduits.  And this thread got started regarding a CDN, which is 
very much
all about storing data on servers.



pgpZvSVs8so6j.pgp
Description: PGP signature

RE: What can ISPs do better? Removing racism out of internet

[Keith Medcalf]

>Hey, I got my Network+ too.   dafuq is a "BGP"?

That's what the British get after too much Beer-o-clock.  A Bloody-Good-Puking 
...

--
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.

Re: What can ISPs do better? Removing racism out of internet

[Bryan Fields]

On 8/5/19 4:57 PM, b...@theworld.com wrote:
> TBH some of this is like watching someone try to set up a router using
> only the marketing brochures.

Hey, I got my Network+ too.   dafuq is a "BGP"?

-- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net

Re: What can ISPs do better? Removing racism out of internet

[bzs]

One tiny bit of sermonizing not aimed at anyone in particular:

Interested amateurs tend to study the wording of laws.

Lawyers tend to study case law, actual cases and their outcomes.

In part that's because, besides the hazards of interpretation, laws
often conflict, supercede each other, modify each other, have
unexpressed limits particularly regarding jurisdiction and other
matters of process and applicability, etc etc etc and that all tends
to come out and get defined in the case law. And case law tends to be
dispositive, /stare decisis/ and all that, precedents.

And if that paragraph bored the crap out of you then good luck
guessing at what a few thousand pages of case law on a topic will do
to you.

TBH some of this is like watching someone try to set up a router using
only the marketing brochures.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

Re: What can ISPs do better? Removing racism out of internet

[Mel Beckman]

Valdis,

The key misunderstanding on your part is the phrase “on your servers”. ISPs 
acting as conduits do not, by definition (in the DMCA), store anything on 
servers. Moreover, the DMCA specifically spells out that safe harbor protection 
“covers acts of transmission, routing, or providing connections for the 
information, as well as the intermediate and transient copies that are made 
automatically in the operation of a network.”

And if the FBI, or whoever, through various technical means, managed to 
discover that illegal information passed through an ISPs network, they have no 
more cause of action than if that traffic passed through AT leased lines. Not 
that they haven’t tried.

 -mel

On Aug 5, 2019, at 11:34 AM, Valdis Klētnieks 
mailto:valdis.kletni...@vt.edu>> wrote:

On Mon, 05 Aug 2019 18:19:06 -, Mel Beckman said:
I notice you didn’t provide any actual data to support your position. What,
for example, outside of copyright violations, could ISPs conceivably be liable
for?

You get caught with nuclear weapons data, terrorism-related info, or kiddie
porn on your servers dropped there by a customer, you're going to be wishing
for a safe harbor that extends further than just copyright.

Whether you actually get one is going to depend on a *lot* of details of the
specific incident. At that point, don't listen to me, and don't listen to Anne,
hire a good lawyer who knows exactly what the rules are in your jurisdiction(s)
and listen to them :)

Re: What can ISPs do better? Removing racism out of internet

[Patrick W. Gilmore]

Cloudflare is not an ISP. They are a CDN. You cannot ask them for a DSL or 
Cable connection, or even DIA.

Not that it matters: ISPs are not “Common Carriers” in statute or Common Law. 
The DMCA provides some protections which are similar to Common Carrier status, 
but that does not mean they have all the rights and responsibilities of Common 
Carriers.

And just to be really meta, that doesn’t matter either. Cloudflare did nothing 
wrong. While in the US, anyone can sue anyone for anything, the idea 8Chan will 
prevail in suing Cloudflare for violation of Common Carrier responsibilities, 
or even for 1st amendment free speech rights, it ludicrous on its face.

I am not terribly pleased with CF’s continued support of miscreants like 
“Booter Services” (read “DDoS-for-Hire”), but their lawyers are not idiots. And 
while you may not believe Anne, I know her and trust her judgement here. Plus I 
know a small amount about running CDNs. So I’m going to go with the consensus 
on the side of “not Common Carriers”. Feel free to disagree. But if you plan to 
convince the people reading this thread, you will have to do better than 
quoting snippets of the DMCA.

-- 
TTFN,
patrick



> On Aug 5, 2019, at 4:19 PM, Mel Beckman  wrote:
> 
> Keith, 
> 
> You’re confusing ISPs that merely provide transport services, such as AT 
> and Cloudfare, with information services like FaceBook and Twitter. The 
> Common Carrier status for legal protection of ISPs stems from the 1998 DMCA, 
> which long preceded the 2015 Network Neutrality act. It provides protection 
> only for an ISP that as a “provider merely acts as a data conduit, 
> transmitting digital information from one point on a network to another at 
> someone else’s request.” The ISP loses that Common Carrier (in the Common Law 
> definition) protection if it alters the transmission in any way.
> 
> Just because an ISP isn’t a Common Carrier under FCC rules doesn’t mean that 
> it isn’t a Common Carrier for other purposes. Trains and planes, for example, 
> are Common Carriers, and the FCC has nothing to do with them. But they can’t 
> exclude passengers based on their speech (yet, anyway). 
> 
> -mel
> 
>> On Aug 5, 2019, at 8:54 AM, Keith Medcalf  wrote:
>> 
>> 
>>> On Monday, 5 August, 2019 09:16, Mel Beckman  wrote:
>>> 
>>> “Now, enough of this off-topic stuff and back to our regularly
>>> scheduled programming.”
>> 
>>> Keith, what could be more on-topic than an ISP’s status as a common
>>> carrier? Seems pretty operational to me.
>> 
>> I think that is closing the barn door after the horse already left.
>> 
>> It is my understanding that in your fabulous United States of America that 
>> "carriers" (meaning having no content serving nor content consuming 
>> customers*) may be "common carriers" or can claim to be common carriers.  
>> The rest of you who are not pure carriers are, thanks to Ijit Pai, merely 
>> Information Services and do not have common carrier status, nor can you 
>> claim to be common carriers.
>> 
>> A "common carrier" is one who must provide carriage provided the fee for 
>> carriage is paid.  This is not the case for "Information Service" providers 
>> as they are not required to provide carriage to any who can pay the fee for 
>> carriage.
>> 
>> *I hate the term "content", it is somowhat lame.
>> 
>> -- 
>> The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
>> lot about anticipated traffic volume.
>> 
>> 
>> 
>> 

Re: What can ISPs do better? Removing racism out of internet

[Mel Beckman]

Keith, 

You’re confusing ISPs that merely provide transport services, such as AT and 
Cloudfare, with information services like FaceBook and Twitter. The Common 
Carrier status for legal protection of ISPs stems from the 1998 DMCA, which 
long preceded the 2015 Network Neutrality act. It provides protection only for 
an ISP that as a “provider merely acts as a data conduit, transmitting digital 
information from one point on a network to another at someone else’s request.” 
The ISP loses that Common Carrier (in the Common Law definition) protection if 
it alters the transmission in any way.

Just because an ISP isn’t a Common Carrier under FCC rules doesn’t mean that it 
isn’t a Common Carrier for other purposes. Trains and planes, for example, are 
Common Carriers, and the FCC has nothing to do with them. But they can’t 
exclude passengers based on their speech (yet, anyway). 

 -mel

> On Aug 5, 2019, at 8:54 AM, Keith Medcalf  wrote:
> 
> 
>> On Monday, 5 August, 2019 09:16, Mel Beckman  wrote:
>> 
>> “Now, enough of this off-topic stuff and back to our regularly
>> scheduled programming.”
> 
>> Keith, what could be more on-topic than an ISP’s status as a common
>> carrier? Seems pretty operational to me.
> 
> I think that is closing the barn door after the horse already left.
> 
> It is my understanding that in your fabulous United States of America that 
> "carriers" (meaning having no content serving nor content consuming 
> customers*) may be "common carriers" or can claim to be common carriers.  The 
> rest of you who are not pure carriers are, thanks to Ijit Pai, merely 
> Information Services and do not have common carrier status, nor can you claim 
> to be common carriers.
> 
> A "common carrier" is one who must provide carriage provided the fee for 
> carriage is paid.  This is not the case for "Information Service" providers 
> as they are not required to provide carriage to any who can pay the fee for 
> carriage.
> 
> *I hate the term "content", it is somowhat lame.
> 
> -- 
> The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
> lot about anticipated traffic volume.
> 
> 
> 
> 

Re: User Unknown (WAS: really amazon?)

[Patrick W. Gilmore]

[Speaking ONLY FOR MYSELF AS AN INDIVIDUAL.]

On Aug 4, 2019, at 8:15 AM, Rubens Kuhl  wrote:
> On Sun, Aug 4, 2019 at 5:17 AM Scott Christopher  wrote:
> John Curran wrote: 
> 
> ...
> 
>> As I have noted previously, I have zero doubt in the enforceability of the 
>> ARIN registration services agreements in this regard – so please carefully 
>> consider proposed policy both from the overall community benefit being 
>> sought, and from the implications faced as a number resource holder having 
>> to comply oneself with the new obligations. 
> 
> I completely agree that ARIN can revoke an organization's resources. Nobody 
> has ever doubted that.
> 
> What I have been saying is that if ARIN revoked Amazon's resources because of 
> a trivial matter of bounced Abuse PoC, even if the small "community" of 
> network operators and other interested parties passed a rule supporting this, 
> the backlash would be *enormous* and lead to media attention, litigation, 
> police, investigation by U.S. Congress, etc. 
> 
> The interests of the public affected by a global Amazon/AWS outage would 
> greatly outweigh the rights of this small "community" which would ultimately 
> be stripped away, I'd think.
> 
> This is moot, of course, because ARIN would give ample notices and time to 
> Amazon and they would dutifully comply. But the original poster to which I 
> replied invited us to imagine such a situation.
> 
> 
> 
> I don't think that "companies with tons of lawyers" should be a factor in 
> making resource allocation policies. But considering either small or big 
> networks, an escalation path would reduce friction and increase overall 
> compliance... for instance, failure to have functioning abuse PoC could lead 
> first to being inegible to receive new resources. 

I would love for “companies with tons of lawyers” to be irrelevant to policy 
creation and implementation.

However, ARIN has to exist to enforce policy and support the community. If 
there is an existential threat to the corporation, e.g. legal risks, that must 
be taken into account.

To be clear, this does not mean a company with lots of lawyers should be 
allowed to direct policy. ARIN’s policies should and do come from the 
communities and their elected representatives (the AC). But to say that ARIN 
should not consider the legal implications goes a bit too far, IMHO.

[Reminder: Speaking ONLY FOR MYSELF AS AN INDIVIDUAL.]

-- 
TTFN,
patrick

Re: What can ISPs do better? Removing racism out of internet

[Seth Mattinen]

On 8/5/19 10:05 AM, William Herrin wrote:
The best cure for speech is more speech. The President notwithstanding, 
hateful behavior has a hard time surviving the light of day. You 
shouldn't be the censor but you can shine the light.



That doesn't seem to work on Facebook, where people spew the most vile 
things under the banner of their own name.

Re: [nanog] Cisco GLBP/HSRP question -- Has it ever been dis

[Vincentz Petzholtz]

> I thought that GLBP had functionality that allowed both participants to be 
> active/active.  I.e. you could cause ⅔ of traffic to go to one GLBP peer and 
> the remaining ⅓ go to the other GLBP peer.
Yes it’s true. It achieves forwarding active/active situations. One of the GLBP 
group members get elected „master“ (just like in HSRP/VRRP).
This master also knowns the („virt“) interface MAC addresses of the other 
members within the same BC segment. If then a client arp’s for the GW/GLBP 
virtual IP
then the master is basically spoofing the arp response with a mac of the other 
members. You have some sort of control of how the mac addresses of the
other members are handed out by the master. This leads to a „static“ client 
assignment style of load balancing (because you can’t really know how much 
traffic this one client then generates/gets).
And as far as I remember: If a member fails then another one is taking over 
responsibility over the used mac address.

It surprised me a little bit that this never really taken off (not even within 
Cisco folks in the enterprise field as far as I know).
I was also keen if/when this ever get available on other vendors and/or open 
source software.

Just as everybody else we do run two VRRP instances with ECMP style routes on 
datacenter gear a lot.
But in some situations it would be nice to have something to spread the traffic 
across different routers (even when the client is too „dump“ for ecmp routes).

Best regards,
Vincentz

> Am 05.08.2019 um 19:55 schrieb Grant Taylor via NANOG :
> 
> On 8/5/19 9:19 AM, Nicolas Chabbey wrote:
>> Are there any good reasons of using proprietary FHRPs like HSRP and GLBP 
>> over VRRP ?
> 
> I thought that GLBP had functionality that allowed both participants to be 
> active/active.  I.e. you could cause ⅔ of traffic to go to one GLBP peer and 
> the remaining ⅓ go to the other GLBP peer.
> 
> It's my understanding that neither HSRP nor VRRP support this active/active 
> operation and that they are purely active/passive.
> 
> Sure, you can have multiple HSRP / VRRP IPs and spread the load via client 
> configuration.  But that's outside of the scope of the protocols themselves.
> 
> Please correct me if I'm wrong.
> 
> 
> 
> --
> Grant. . . .
> unix || die
> 



signature.asc
Description: Message signed with OpenPGP

mitel hx5000

[Samual Carman]

does anyone have any contacts at mitel that they can share or forward me
onto

of our sister company's took over a small customer who has a mitel hx5000
and we are having a devil of a time trying to get support from mitel

as they want us to sign a long term maintenance contract which normally we
would have no problem with however come end of september we will be
migrating them to are in house platform and unfortunately none of the local
vendors offer short term contracts and the sister company in quiston will
not budge on the timeline

so i am hoping the world of NANOG has the ability to connect me to someone
in mitel who would be able to help us out
mods if this breaks the rules please let me know i was unsure


Thanks
Sam
Lead System Admin
Yakima Networking

Re: [nanog] Cisco GLBP/HSRP question -- Has it ever been dis

[Nicolas Chabbey]

Good point. I forgot about this one.

Apparently, you can have four active forwarders per group. The load is
balanced across them via the virtual MAC addresses.

I could implement something similar to my open VRRP implementation (I
wrote about it on the ML recently), but only if it's a wanted features.
I don't think it's overly complex to do, but of course it won't be
covered by any current RFCs.

Regards.

On 05/08/2019 19:55, Grant Taylor via NANOG wrote:
> On 8/5/19 9:19 AM, Nicolas Chabbey wrote:
>> Are there any good reasons of using proprietary FHRPs like HSRP and
>> GLBP over VRRP ?
> 
> I thought that GLBP had functionality that allowed both participants to
> be active/active.  I.e. you could cause ⅔ of traffic to go to one GLBP
> peer and the remaining ⅓ go to the other GLBP peer.
> 
> It's my understanding that neither HSRP nor VRRP support this
> active/active operation and that they are purely active/passive.
> 
> Sure, you can have multiple HSRP / VRRP IPs and spread the load via
> client configuration.  But that's outside of the scope of the protocols
> themselves.
> 
> Please correct me if I'm wrong.
> 
> 
> 

Re: What can ISPs do better? Removing racism out of internet

[Valdis Klētnieks]

On Mon, 05 Aug 2019 18:19:06 -, Mel Beckman said:
> I notice you didn’t provide any actual data to support your position. What,
> for example, outside of copyright violations, could ISPs conceivably be liable
> for?

You get caught with nuclear weapons data, terrorism-related info, or kiddie
porn on your servers dropped there by a customer, you're going to be wishing
for a safe harbor that extends further than just copyright.

Whether you actually get one is going to depend on a *lot* of details of the
specific incident. At that point, don't listen to me, and don't listen to Anne,
hire a good lawyer who knows exactly what the rules are in your jurisdiction(s)
and listen to them :)



pgpGlDzCD_k2h.pgp
Description: PGP signature

Re: What can ISPs do better? Removing racism out of internet

[Anne P. Mitchell, Esq.]

Mel, this is to ack your note. "Because I'm a lawyer" isn't an argument at all, 
*nor have I made it* - however, that I'm extremely busy, and under no 
obligation to provide any of this information here, is.  I'm not here for 
academic debate.   You are also free to bring a lawsuit based on ISP as common 
carrier, but you will lose.

Anne

> On Aug 5, 2019, at 12:19 PM, Mel Beckman  wrote:
> 
> Anne of Many Titles,
> 
> I notice you didn’t provide any actual data to support your position. What, 
> for example, outside of copyright violations, could ISPs conceivably be 
> liable for? Present an argument to make your case. “No, because I’m a lawyer 
> and you’re not” is not an argument :)
> 
> As clearly stated in DMC 512(a), the safe harbor provision for transitory 
> transport, which is what Cloudfare provides, 
> 
> "protects service providers who are passive conduits from liability for 
> copyright infringement, even if infringing traffic passes through their 
> networks. In other words, provided the infringing material is being 
> transmitted at the request of a third party to a designated recipient, is 
> handled by an automated process without human intervention, is not modified 
> in any way, and is only temporarily stored on the system, the service 
> provider is not liable for the transmission.” 
> 
> That’s not a law school student opinion. That’s the law itself. As I 
> previously said, I’m not talking about the FCC definition of CC. Under DMCA, 
> "service providers who are passive conduits” are the essence of the common 
> law definition of Common Carrier 
> (https://en.wikipedia.org/wiki/Common_carrier).
> 
>  Incidentally, Network Neutrality wasn’t enacted until 2015, and classified 
> ISPs as FCC CCs purely to bring them under regulation by the FCC. DMCA was 
> passed in 1998, and Safe Harbor is based on the fact that ISPs are “passive 
> conduits". NN has nothing to do with the common carrier aspect of ISPs as 
> "service providers who are passive conduits”. 
> 
>  -mel
> 
>> On Aug 5, 2019, at 9:41 AM, Anne P. Mitchell, Esq.  
>> wrote:
>> 
>> 
>> 
>>> On Aug 5, 2019, at 10:02 AM, Mel Beckman  wrote:
>>> 
>>> Patrick,
>>> 
>>> You’re confusing the FCC’s definition of common carrier for telecom 
>>> regulatory purposes, and the DMCA definition, which specifically grants 
>>> ISPs protection from litigation through its Safe Harbor provision, as long 
>>> as they operate as pure common carriers:
>>> 
>>> “Section 512(a) provides a safe harbor from liability for ISPs, provided 
>>> that they operate their networks within certain statutory bounds, generally 
>>> requiring the transmission of third-party information without interference, 
>>> modification, storage, or selection. [emphasis mine]
>>> 
>>> http://jolt.law.harvard.edu/articles/pdf/v27/27HarvJLTech257.pdf
>>> 
>>> -mel 
>> 
>> Section 512(a) applies very specifically to the copyright infringement issue 
>> as addressed in the DMCA.  While I don't disagree that this law school 
>> paper, written while Lovejoy was a law student, in 2013,  could be read as 
>> if ISPs were common carriers, they are not, and were not.   Even if it were 
>> headed that way, actions by the current FTC and administration rolled back 
>> net neutrality efforts in 2017, four years after this student paper was 
>> published.
>> 
>> All that said, this is very arcane stuff, and ever-mutating, so it's not at 
>> all difficult to see why reasonable people can differ about the meanings of 
>> various things out there. 
>> 
>> Anne
>> 
>> Anne P. Mitchell, Attorney at Law
>> CEO/President, Institute for Social Internet Public Policy
>> Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
>> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
>> Legislative Consultant
>> GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
>> Board of Directors, Denver Internet Exchange
>> Board of Directors, Asilomar Microcomputer Workshop
>> Legal Counsel: The CyberGreen Institute
>> Former Counsel: Mail Abuse Prevention System (MAPS)
>> Member: California Bar Association
>> 
>> 
>> 
> 

---

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Member: California Bar Association

RE: What can ISPs do better? Removing racism out of internet

[Keith Medcalf]

On Monday, 5 August, 2019 10:25, Bryan Fields  wrote:

>I'd be more concerned with the lack of notice given to their
>customer.  This was 24 hours notice, and I'd expect at least
>30 days under any hosting contract.  This scares the shit
>out of me as a customer; could cloudflare decide to give me
>no notice and shut my services off?

Yes.  This is in Cloudflare's Terms of Service.  You pay them and they provide 
services.  They may decide to terminate those services at any time, without any 
prior notice whatsoever, and keep your money.  You agree to this when you 
contract with them.

So I would suppose that this just means that you would not do business with 
Cloudflare.  That is your right.  If you do not like the contract provisions 
you are free not to contract with them.

If you do not mind that they may decide at any point in time for any reason or 
no reason at all to terminate your services and stop providing the service for 
which you have paid in advance (and without refund), then you are free to do so.

As always, the choice is yours.  No one compels you to do business with 
Cloudflare.

--
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.

Re: What can ISPs do better? Removing racism out of internet

[Mel Beckman]

The best cure for speech is more speech.

+1E07


On Aug 5, 2019, at 10:05 AM, William Herrin 
mailto:b...@herrin.us>> wrote:

On Sun, Aug 4, 2019 at 8:41 PM Mehmet Akcin 
mailto:meh...@akcin.net>> wrote:
Ok, two mass shootings, touchy topic, lots of emotions this weekend. Going 
straight to the point.

Most of us who operate internet services believe in not being the moderator of 
internet. We provide a service and that’s it. Obviously there are some 
established laws around protecting copyrights, and other things which force us 
to legally take action and turn things down when reported.

What can we do better as network operators about hate sites like 8Chan?

De-anonymize them. Let them say what they'll say and defend their right to say 
it but don't let them hide behind your name. Promise that when the police come 
knocking and it appears to you to be a hate speech site, your privacy policy 
is: none whatsoever.

The best cure for speech is more speech. The President notwithstanding, hateful 
behavior has a hard time surviving the light of day. You shouldn't be the 
censor but you can shine the light.

(Also, as a practical matter the further you force folks to the fringe, the 
harder they are to track and thereby stop. Letting folks know you object by 
terminating their service does them more of a favor than cooperating with law 
enforcement.)

Regards,
Bill Herrin

--
William Herrin
b...@herrin.us
https://bill.herrin.us/

Re: What can ISPs do better? Removing racism out of internet

[Mel Beckman]

Anne of Many Titles,

I notice you didn’t provide any actual data to support your position. What, for 
example, outside of copyright violations, could ISPs conceivably be liable for? 
Present an argument to make your case. “No, because I’m a lawyer and you’re 
not” is not an argument :)

As clearly stated in DMC 512(a), the safe harbor provision for transitory 
transport, which is what Cloudfare provides,

"protects service providers who are passive conduits from liability for 
copyright infringement, even if infringing traffic passes through their 
networks. In other words, provided the infringing material is being transmitted 
at the request of a third party to a designated recipient, is handled by an 
automated process without human intervention, is not modified in any way, and 
is only temporarily stored on the system, the service provider is not liable 
for the transmission.”

That’s not a law school student opinion. That’s the law itself. As I previously 
said, I’m not talking about the FCC definition of CC. Under DMCA, "service 
providers who are passive conduits” are the essence of the common law 
definition of Common Carrier (https://en.wikipedia.org/wiki/Common_carrier).

 Incidentally, Network Neutrality wasn’t enacted until 2015, and classified 
ISPs as FCC CCs purely to bring them under regulation by the FCC. DMCA was 
passed in 1998, and Safe Harbor is based on the fact that ISPs are “passive 
conduits". NN has nothing to do with the common carrier aspect of ISPs as 
"service providers who are passive conduits”.

 -mel

On Aug 5, 2019, at 9:41 AM, Anne P. Mitchell, Esq. 
mailto:amitch...@isipp.com>> wrote:



On Aug 5, 2019, at 10:02 AM, Mel Beckman 
mailto:m...@beckman.org>> wrote:

Patrick,

You’re confusing the FCC’s definition of common carrier for telecom regulatory 
purposes, and the DMCA definition, which specifically grants ISPs protection 
from litigation through its Safe Harbor provision, as long as they operate as 
pure common carriers:

“Section 512(a) provides a safe harbor from liability for ISPs, provided that 
they operate their networks within certain statutory bounds, generally 
requiring the transmission of third-party information without interference, 
modification, storage, or selection. [emphasis mine]

http://jolt.law.harvard.edu/articles/pdf/v27/27HarvJLTech257.pdf

-mel

Section 512(a) applies very specifically to the copyright infringement issue as 
addressed in the DMCA.  While I don't disagree that this law school paper, 
written while Lovejoy was a law student, in 2013,  could be read as if ISPs 
were common carriers, they are not, and were not.   Even if it were headed that 
way, actions by the current FTC and administration rolled back net neutrality 
efforts in 2017, four years after this student paper was published.

All that said, this is very arcane stuff, and ever-mutating, so it's not at all 
difficult to see why reasonable people can differ about the meanings of various 
things out there.

Anne

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Member: California Bar Association

Re: What can ISPs do better? Removing racism out of internet

[Mel Beckman]

LOL! You mean instead of “Keith gets to decide what’s on topic”? 

I didn’t “decide” anything, BTW. I simply pointed out that Common Carrier 
operations is within the NANOG mandate to discuss operational issues. 

 -mel

> On Aug 5, 2019, at 9:30 AM, Bryan Fields  wrote:
> 
> On 8/5/19 11:15 AM, Mel Beckman wrote:
>> Keith, what could be more on-topic than an ISP’s status as a common
>> carrier? Seems pretty operational to me.
> 
> Mel gets to decide what's on topic and off topic for the nanog list?
> 
> :D
> -- 
> Bryan Fields
> 
> 727-409-1194 - Voice
> http://bryanfields.net

Re: What can ISPs do better? Removing racism out of internet

[Anne P. Mitchell, Esq.]

> On Aug 5, 2019, at 11:46 AM, b...@theworld.com wrote:
> 
> My first suggestion would be to include an indemnification clause in
> your contracts which includes liability for content, if you don't
> already have it (probably most do.)
> 
> And a clause which indicates you (need lawyering for this) will seek
> expenses including but not limited to legal, judgements, reputational
> recovery (e.g., cost of producing press releases), etc, incurred by
> actions taken by customer.

These are all excellent suggestions - and while we're on the subject of that 
sort of thing, *everyone* should have warrantees of GDPR compliance in any of 
their third-party contracts in which data can be touched, and *also* 
indemnification clauses in those same contracts if you are held responsible 
because those third-parties were breached, etc., and found to *not* be in 
compliance with GDPR (for which GDPR specifically provides - i.e. GDPR can go 
through the third-party contract and hold *you* liable).  This is one of the 
ways that GDPR can seep in to get you even if you think you're safe because 
you're not in the EU.

Anne

---

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Member: California Bar Association

Re: [nanog] Cisco GLBP/HSRP question -- Has it ever been dis

[Grant Taylor via NANOG]

On 8/5/19 9:19 AM, Nicolas Chabbey wrote:
Are there any good reasons of using proprietary FHRPs like HSRP and 
GLBP over VRRP ?


I thought that GLBP had functionality that allowed both participants to 
be active/active.  I.e. you could cause ⅔ of traffic to go to one GLBP 
peer and the remaining ⅓ go to the other GLBP peer.


It's my understanding that neither HSRP nor VRRP support this 
active/active operation and that they are purely active/passive.


Sure, you can have multiple HSRP / VRRP IPs and spread the load via 
client configuration.  But that's outside of the scope of the protocols 
themselves.


Please correct me if I'm wrong.



--
Grant. . . .
unix || die



smime.p7s
Description: S/MIME Cryptographic Signature

Re: What can ISPs do better? Removing racism out of internet

[bzs]

My first suggestion would be to include an indemnification clause in
your contracts which includes liability for content, if you don't
already have it (probably most do.)

And a clause which indicates you (need lawyering for this) will seek
expenses including but not limited to legal, judgements, reputational
recovery (e.g., cost of producing press releases), etc, incurred by
actions taken by customer.

I've long had something like the latter regarding anyone using our
facilities to spam and I have billed spammers, and have collected some
of those bills.

I don't do this punitively. I really like to be paid for our time and
services!

Their behavior doesn't give them free access to our time even in the
form of responding to emails ("above and beyond normal") or phone
calls etc regarding their behavior.

I also included a clause that allows me to require an immediate
deposit if the outstanding bill rises above (pick a number) and
failure to provide that deposit or work out an arrangement is grounds
for suspension of services.

That allows for nearly immediate action rather than putting it into a
30 day billing cycle.

But the real power of generating that sort of bill is if they won't or
don't pay ok then they've been shut off not for their content etc but
for non-payment have a nice day.

And if they pay, ok.

As I said I have been paid generally with a promise to moderate their
behavior, usually involving too-aggressive email advertising causing a
lot of complaints. Perhaps not spamming in spirit but if we come in to
100+ complaints which need to be responded to I ain't payin' for that!

But beyond their right to express themselves, which I'm ok with, they
need to be financially responsible for their costs. Free speech is not
necessarily "free" as in beer.

-- 
-Barry Shein

Software Tool & Die| b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: +1 617-STD-WRLD   | 800-THE-WRLD
The World: Since 1989  | A Public Information Utility | *oo*

Re: What can ISPs do better? Removing racism out of internet

[William Herrin]

On Sun, Aug 4, 2019 at 8:41 PM Mehmet Akcin  wrote:

> Ok, two mass shootings, touchy topic, lots of emotions this weekend. Going
> straight to the point.
>
> Most of us who operate internet services believe in not being the
> moderator of internet. We provide a service and that’s it. Obviously there
> are some established laws around protecting copyrights, and other things
> which force us to legally take action and turn things down when reported.
>
> What can we do better as network operators about hate sites like 8Chan?
>

De-anonymize them. Let them say what they'll say and defend their right to
say it but don't let them hide behind your name. Promise that when the
police come knocking and it appears to you to be a hate speech site, your
privacy policy is: none whatsoever.

The best cure for speech is more speech. The President notwithstanding,
hateful behavior has a hard time surviving the light of day. You shouldn't
be the censor but you can shine the light.

(Also, as a practical matter the further you force folks to the fringe, the
harder they are to track and thereby stop. Letting folks know you object by
terminating their service does them more of a favor than cooperating with
law enforcement.)

Regards,
Bill Herrin

-- 
William Herrin
b...@herrin.us
https://bill.herrin.us/

Re: What can ISPs do better? Removing racism out of internet

[Michael Thomas]

On 8/5/19 9:24 AM, Bryan Fields wrote:

On 8/4/19 11:41 PM, Mehmet Akcin wrote:

What can we do better as network operators about hate sites like 8Chan?

I actually went and looked at 8chan, it would appear to me they have a bunch
of hate filled people there, 10 yr olds who think saying the n-word makes them
cool, and then other bland users.


I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan
off its platform today after El Paso attack.
https://blog.cloudflare.com/terminating-service-for-8chan/

I'd be more concerned with the lack of notice given to their customer.  This
was 24 hours notice, and I'd expect at least 30 days under any hosting
contract.  This scares the shit out of me as a customer; could cloudflare
decide to give me no notice and shut my services off?

Well, we don't know what led up to this. Like do we know they weren't on 
notice?


Mike

Re: What can ISPs do better? Removing racism out of internet

[James Downs]

On Mon, Aug 05, 2019 at 12:24:55PM -0400, Bryan Fields wrote:

> contract.  This scares the shit out of me as a customer; could cloudflare
> decide to give me no notice and shut my services off?

So much for the "free-speech absolutist".

Re: What can ISPs do better? Removing racism out of internet

[Anne P. Mitchell, Esq.]

> On Aug 5, 2019, at 10:02 AM, Mel Beckman  wrote:
> 
> Patrick,
> 
> You’re confusing the FCC’s definition of common carrier for telecom 
> regulatory purposes, and the DMCA definition, which specifically grants ISPs 
> protection from litigation through its Safe Harbor provision, as long as they 
> operate as pure common carriers:
> 
> “Section 512(a) provides a safe harbor from liability for ISPs, provided that 
> they operate their networks within certain statutory bounds, generally 
> requiring the transmission of third-party information without interference, 
> modification, storage, or selection. [emphasis mine]
> 
> http://jolt.law.harvard.edu/articles/pdf/v27/27HarvJLTech257.pdf
> 
>  -mel 

Section 512(a) applies very specifically to the copyright infringement issue as 
addressed in the DMCA.  While I don't disagree that this law school paper, 
written while Lovejoy was a law student, in 2013,  could be read as if ISPs 
were common carriers, they are not, and were not.   Even if it were headed that 
way, actions by the current FTC and administration rolled back net neutrality 
efforts in 2017, four years after this student paper was published.

All that said, this is very arcane stuff, and ever-mutating, so it's not at all 
difficult to see why reasonable people can differ about the meanings of various 
things out there. 

Anne

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Member: California Bar Association

Re: What can ISPs do better? Removing racism out of internet

[Brielle]

On 8/5/2019 10:24 AM, Bryan Fields wrote:

I'd be more concerned with the lack of notice given to their customer.  This
was 24 hours notice, and I'd expect at least 30 days under any hosting
contract.  This scares the shit out of me as a customer; could cloudflare
decide to give me no notice and shut my services off?


If they were a paying customer...  sure, maybe 30 days.  However, if 
they're a paying customer, their agreement likely gives cloudflare an 
out under some situations.


If they aren't a paying customers, then you give them the amount of time 
in relation to how much they are paying.  In this case, if they are 
paying $0, then I think giving them until Midnight was being overly 
generous.




--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org

Re: Best ways to ensure redundancy with no terrestrial ISPs

[Ross Tajvar]

Hi Eric, thanks for this info. Very helpful.

Mark/everyone, this is in Morocco specifically. I haven't been given the
exact location but I'm told it's near Dahkla.

On Sat, Aug 3, 2019, 9:36 PM Eric Kuhnke  wrote:

> In a remote area in northern africa if there are no terrestrial ISPs, and
> there is no budget to build towers for PTP microwave, I don't know if there
> are any reasonable options.
>
> If sufficient funds did exist, my recommendation, if they really want true
> diversity between two totally different services, would be a combination of
> a MEO o3b earth station and a traditional geostationary type earth station
> (Ku band) with appropriate RF chain and SCPC modem.
>
> It is also possible to achieve full diversity through two totally separate
> geostationary earth stations, using different satellite transponders and
> different teleports on the other end.
>
> But that's not going to be cheap, either in a one time equipment cost or
> in monthly recurring cost, for o3b services and transponder kHz lease +
> teleport services on the other end somewhere in continental Europe.
>
> On Sat, Aug 3, 2019 at 2:10 PM Ross Tajvar  wrote:
>
>> On Sat, Aug 3, 2019 at 4:30 PM Brian Henson  wrote:
>>
>>> If we had a location (or at least a part of the world) we might be able
>>> to recommend a little better.
>>>
>>
>> This is in northern Africa.
>>
>

Re: What can ISPs do better? Removing racism out of internet

[Bryan Fields]

On 8/5/19 11:15 AM, Mel Beckman wrote:
> Keith, what could be more on-topic than an ISP’s status as a common
> carrier? Seems pretty operational to me.

Mel gets to decide what's on topic and off topic for the nanog list?

:D
-- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net

Re: What can ISPs do better? Removing racism out of internet

[Anne P. Mitchell, Esq.]

> I’m not sure if you understand the terms under which ISPs operate as “common 
> carriers”, and thus enjoy immunity from lawsuits due to the acts of their 
> customers. ISPs such as Cloudfare can no more disconnect customers for legal, 
> if offensive, content than the phone company can, without losing that common 
> carrier status.
> 
> Cloudfare is being foolish, and hypocritical. They freely, for example, carry 
> the equally offensive content of Antifa. Are they going to cut them off too?
> 
> In America we have the right to free speech, and the right to use common 
> carriers to carry that speech. If a common carrier chooses to censor legal 
> speech, which is what Cloudfare has done, then it loses its CC status and can 
> now be sued for that speech.
> 
> -mel beckman

ISPs are not common carriers, and, in fact, they have the right to carry - or 
to not carry - whatever traffic they choose.  In fact, for some aspects of 
Internet traffic, ISP immunity is specifically written into the law (cf. 
CAN-SPAM §8(c) which states that "(c) No EFFECT ON POLICIES OF PROVIDERS OF 
INTERNET ACCESS SERVICE.--Nothing in this Act shall be construed to have any 
effecton the lawfulness or unlawfulness, under any other provision of law, of 
the adoption, implementation, or enforcement by a provider of Internet access 
service of a policy of declining to transmit, route,relay, handle, or store 
certain types of electronic mail messages.").

Anne P. Mitchell, Attorney at Law
CEO/President, Institute for Social Internet Public Policy
Dean of Cybersecurity & Cyberlaw, Lincoln Law School of San Jose
Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
Legislative Consultant
GDPR, CCPA (CA) & CCDPA (CO) Compliance Consultant
Board of Directors, Denver Internet Exchange
Board of Directors, Asilomar Microcomputer Workshop
Legal Counsel: The CyberGreen Institute
Former Counsel: Mail Abuse Prevention System (MAPS)
Member: California Bar Association

Re: What can ISPs do better? Removing racism out of internet

[Bryan Fields]

On 8/4/19 11:41 PM, Mehmet Akcin wrote:
> What can we do better as network operators about hate sites like 8Chan?

I actually went and looked at 8chan, it would appear to me they have a bunch
of hate filled people there, 10 yr olds who think saying the n-word makes them
cool, and then other bland users.

> I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan
> off its platform today after El Paso attack.
> https://blog.cloudflare.com/terminating-service-for-8chan/

I'd be more concerned with the lack of notice given to their customer.  This
was 24 hours notice, and I'd expect at least 30 days under any hosting
contract.  This scares the shit out of me as a customer; could cloudflare
decide to give me no notice and shut my services off?

Once you make the point that you're willing to play that game, how can you be
trusted as a provider?

> I am sure there are many sites like this out there, but could network
> operators do anything to make these sites “not so easy” to be found,
> reached, and used to end innocent lives?

These atrocities were committed by people willing to die for their cause, how
ever sick and fucked up it is.  There's little anyone can do against this sort
of actor, and it is why it's so terrifying.  I certainly don't have a solution
to it, but can say censorship is not the answer.

-- 
Bryan Fields

727-409-1194 - Voice
http://bryanfields.net

Re: What can ISPs do better? Removing racism out of internet

[Mel Beckman]

Patrick,

You’re confusing the FCC’s definition of common carrier for telecom regulatory 
purposes, and the DMCA definition, which specifically grants ISPs protection 
from litigation through its Safe Harbor provision, as long as they operate as 
pure common carriers:

“Section 512(a) provides a safe harbor from liability for ISPs, provided that 
they operate their networks within certain statutory bounds, generally 
requiring the transmission of third-party information without interference, 
modification, storage, or selection. [emphasis mine]

http://jolt.law.harvard.edu/articles/pdf/v27/27HarvJLTech257.pdf

 -mel

On Aug 5, 2019, at 8:43 AM, Patrick W. Gilmore 
mailto:patr...@ianai.net>> wrote:

Mel:

My understanding is ISPs are not Common Carriers. Didn’t we just have a big 
debate about this w/r/t Network Neutrality? I Am Not A Lawyer (hell, I am not 
even an ISP :), but if any legal experts want to chime in, please feel free to 
educate us.

Put another way, ISPs are not phone companies. Moreover, ISPs - and CDNs and 
hosting providers and etc. - can have terms of service which do not allow 
certain types of content on their platform. Again, that is is my understanding. 
Happy to be educated by someone who specializes in this type of law. I know 
there are a couple such people on NANOG-l.

--
TTFN,
patrick

P.S. Interesting choice equating a group founded on the principals that “Nazis 
are bad” and a group espousing Nazi ideas. But that’s very off-topic, so if you 
want to discuss, please do so directly.


On Aug 5, 2019, at 11:13 AM, Mel Beckman 
mailto:m...@beckman.org>> wrote:

Mehmet,

I’m not sure if you understand the terms under which ISPs operate as “common 
carriers”, and thus enjoy immunity from lawsuits due to the acts of their 
customers. ISPs such as Cloudfare can no more disconnect customers for legal, 
if offensive, content than the phone company can, without losing that common 
carrier status.

Cloudfare is being foolish, and hypocritical. They freely, for example, carry 
the equally offensive content of Antifa. Are they going to cut them off too?

In America we have the right to free speech, and the right to use common 
carriers to carry that speech. If a common carrier chooses to censor legal 
speech, which is what Cloudfare has done, then it loses its CC status and can 
now be sued for that speech.

-mel beckman

On Aug 5, 2019, at 8:06 AM, Keith Medcalf 
mailto:kmedc...@dessus.com>> wrote:


On Sunday, 4 August, 2019 21:41, Mehmet Akcin 
mailto:meh...@akcin.net>> wrote:

Most of us who operate internet services believe in not being the
moderator of internet. We provide a service and that’s it. Obviously
there are some established laws around protecting copyrights, and
other things which force us to legally take action and turn things
down when reported.

What can we do better as network operators about hate sites like
8Chan?

I applaud cloudflare’s (perhaps slightly late) decision on kicking
8chan off its platform today after El Paso attack.
https://blog.cloudflare.com/terminating-service-for-8chan/

I am sure there are many sites like this out there, but could network
operators do anything to make these sites “not so easy” to be found,
reached, and used to end innocent lives?

I do not quite understand this.

In days of yore, nutters used to send their screeds to Newspapers, TV and Radio 
stations.  Did you shut them down or move them to frequencies that could not be 
received with COTS TVs and Radios?  Did you ban the newspapers, put them out of 
business, or make it so their broadsheet was only available by travelling by 
aeroplane for 8 hours before breakfast?

Of course not, you silly duck!

There is an advantage to having all the nutters congregating on one place -- 
you know exactly where to find them.  Granted, the advantage is not exactly the 
same as we apply to politicians (or lawyers) who are kepts all in one place so 
that kinetic weapons can dispatch the whole lot at one go if necessary.

However, your solution of sweeping things you do not like under the rug is 
ill-conceived if not brain-dead in conception and you must not be permitted to 
carry out your objectives.  The fate of the free world depends on it.

However, do not worry.  US AG William Barr is doing a fine job deploying his 
"backdoors".  Why just the other day one of them was used to shut down the 
Georgia State Public Safety Services, and prior to that his "backdoors" were 
used to shut down several city computer systems in Florida and even the City of 
Baltimore.  Good work with those backdoors, Mr. Barr.  Job well done!

It is nincompoops who do not think about what they are doing that create such a 
bloody mess of things.  They should let the adults take care of it.

Now, enough of this off-topic stuff and back to our regularly scheduled 
programming.

--
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.

Re: What can ISPs do better? Removing racism out of internet

[Matt Harris]

On Sun, Aug 4, 2019 at 10:41 PM Mehmet Akcin  wrote:

> What can we do better as network operators about hate sites like 8Chan?
>

What is a "hate site" and who gets to decide what constitutes a "hate
site"? These are the most dangerous questions of our time, because once we
begin sliding down the slippery slope of unbounded, subjectively-determined
censorship, we may find that we don't agree with what all is being
censored. To make this point perhaps more saliently, the vast majority of
regimes worldwide that engage or have engaged in censorship have done so
primarily in order to quell dissent against their policies and leaders. We
could implement a "great firewall" much like China has, but how long would
it be before it was viewed as a useful political tool to silence
opposition?

Could you imagine one side determining that any content related to,
perhaps, safe access to abortion, is counter to their ideal society and
hence "too dangerous" to allow the citizenry to view? Could the other side
then determine just as easily that content related to, say, gun rights is
objectionable and dangerous, also?

In my humble opinion, no one can or should be trusted with that sort of
power, and that is why we have the first amendment in the US constitution.


> I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan
> off its platform today after El Paso attack.
> https://blog.cloudflare.com/terminating-service-for-8chan/
>

Cloudflare is a private entity and can host or not host whatever it wants,
of course.


> I am sure there are many sites like this out there, but could network
> operators do anything to make these sites “not so easy” to be found,
> reached, and used to end innocent lives?
>

Websites can't end innocent lives; only actions taken offline by their
participants can do that. Having all of these sites online and as
in-the-open as possible has a benefit of allowing law enforcement to
monitor activity therein through legal means which allow for oversight and
due process, US constitutional concepts which protect all of us from
potential abuses of power. If we as operators wish to help prevent crimes
and violence, then we should foster good relationships with law
enforcement, and inform them of anything that we notice which may be
related to the commission of or threats of violence. They can then follow
prescribed paths which protect everyone involved to determine whether
enforcement action is necessary/possible without violating anyones' rights.
I'm not claiming the system is perfect, of course, but I don't think
anyone's going to do a whole lot better.

There is no perfect system. Bad people can and will still do bad things.
The best that we each can do is to be aware of our surroundings at all
times both online and off, and protect ourselves, our families, our homes,
and our communities.

- Matt

RE: What can ISPs do better? Removing racism out of internet

[Keith Medcalf]

On Monday, 5 August, 2019 09:16, Mel Beckman  wrote:

>“Now, enough of this off-topic stuff and back to our regularly
>scheduled programming.”

>Keith, what could be more on-topic than an ISP’s status as a common
>carrier? Seems pretty operational to me.

I think that is closing the barn door after the horse already left.

It is my understanding that in your fabulous United States of America that 
"carriers" (meaning having no content serving nor content consuming customers*) 
may be "common carriers" or can claim to be common carriers.  The rest of you 
who are not pure carriers are, thanks to Ijit Pai, merely Information Services 
and do not have common carrier status, nor can you claim to be common carriers.

A "common carrier" is one who must provide carriage provided the fee for 
carriage is paid.  This is not the case for "Information Service" providers as 
they are not required to provide carriage to any who can pay the fee for 
carriage.

*I hate the term "content", it is somowhat lame.

--
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.

Re: RFC 5771 - Global Multicast Addresses

[Niels Bakker]

* bran...@brandonsjames.com (Brandon James) [Mon 05 Aug 2019, 17:17 CEST]:
As a young network engineer (no historic perspective) and only SMB 
and enterprise experience. It seems like the intention was to allow 
these to be publicly routed, but it would be a nightmare to 
implement so it never was.


Multicast was never popular with operators because it had the 
potential to create a lot of state across every router in a network, 
as well as lead to uncontrolled explosions of traffic, especially in 
network designs that relied on virtual circuits for significant 
portions of last-mile infrastructure.


Some of these problems were addressed with SSM, IP DSLAMs, and having 
consumer connection speeds be significantly faster than what a Full HD 
video stream requires, but given that major network providers already 
don't have the in-house clue to implement IPv6, multicast will be very 
low priority.



-- Niels.

--
"It's amazing what people will do to get their name on the internet, 
which is odd, because all you really need is a Blogspot account."

-- roy edroso, alicublog.blogspot.com

Re: Best ways to ensure redundancy with no terrestrial ISPs

[Mehmet Akcin]

there is nothing about telecoms in this map, it's all about powerlines.

On Mon, Aug 5, 2019 at 8:02 AM Tony Finch  wrote:

> Fred Baker  wrote:
> > > On Aug 3, 2019, at 3:36 PM, Mehmet Akcin  wrote:
> > >
> > > Feel free to open live.infrapedia.com on mobile.
>
> > Between overlaid ads and the thing trying to force an account, i’d
> > Describe it as a waste of time. Now, a page that delivered the data
> > advertised...
>
> https://openinframap.org/ works a lot better.
>
> Tony.
> --
> f.anthony.n.finchhttp://dotat.at/
> justice and liberty cannot be confined by national boundaries

Re: What can ISPs do better? Removing racism out of internet

[Harald Koch]

On Mon, Aug 5, 2019, at 11:30, Mel Beckman wrote:
> Keith, what could be more on-topic than an ISP’s status as a common 
> carrier? Seems pretty operational to me. 

American ISPs are not common carriers. When net neutrality was revoked on 
December 14, 2017, so was ISP's common carrier status / protection.

-- 
Harald

Re: What can ISPs do better? Removing racism out of internet

[Patrick W. Gilmore]

Mel:

My understanding is ISPs are not Common Carriers. Didn’t we just have a big 
debate about this w/r/t Network Neutrality? I Am Not A Lawyer (hell, I am not 
even an ISP :), but if any legal experts want to chime in, please feel free to 
educate us.

Put another way, ISPs are not phone companies. Moreover, ISPs - and CDNs and 
hosting providers and etc. - can have terms of service which do not allow 
certain types of content on their platform. Again, that is is my understanding. 
Happy to be educated by someone who specializes in this type of law. I know 
there are a couple such people on NANOG-l.

-- 
TTFN,
patrick

P.S. Interesting choice equating a group founded on the principals that “Nazis 
are bad” and a group espousing Nazi ideas. But that’s very off-topic, so if you 
want to discuss, please do so directly.


> On Aug 5, 2019, at 11:13 AM, Mel Beckman  wrote:
> 
> Mehmet,
> 
> I’m not sure if you understand the terms under which ISPs operate as “common 
> carriers”, and thus enjoy immunity from lawsuits due to the acts of their 
> customers. ISPs such as Cloudfare can no more disconnect customers for legal, 
> if offensive, content than the phone company can, without losing that common 
> carrier status.
> 
> Cloudfare is being foolish, and hypocritical. They freely, for example, carry 
> the equally offensive content of Antifa. Are they going to cut them off too?
> 
> In America we have the right to free speech, and the right to use common 
> carriers to carry that speech. If a common carrier chooses to censor legal 
> speech, which is what Cloudfare has done, then it loses its CC status and can 
> now be sued for that speech.
> 
> -mel beckman
> 
>> On Aug 5, 2019, at 8:06 AM, Keith Medcalf  wrote:
>> 
>> 
>>> On Sunday, 4 August, 2019 21:41, Mehmet Akcin  wrote:
>>> 
>>> Most of us who operate internet services believe in not being the
>>> moderator of internet. We provide a service and that’s it. Obviously
>>> there are some established laws around protecting copyrights, and
>>> other things which force us to legally take action and turn things
>>> down when reported.
>> 
>>> What can we do better as network operators about hate sites like
>>> 8Chan?
>> 
>>> I applaud cloudflare’s (perhaps slightly late) decision on kicking
>>> 8chan off its platform today after El Paso attack.
>>> https://blog.cloudflare.com/terminating-service-for-8chan/
>> 
>>> I am sure there are many sites like this out there, but could network
>>> operators do anything to make these sites “not so easy” to be found,
>>> reached, and used to end innocent lives?
>> 
>> I do not quite understand this.  
>> 
>> In days of yore, nutters used to send their screeds to Newspapers, TV and 
>> Radio stations.  Did you shut them down or move them to frequencies that 
>> could not be received with COTS TVs and Radios?  Did you ban the newspapers, 
>> put them out of business, or make it so their broadsheet was only available 
>> by travelling by aeroplane for 8 hours before breakfast?
>> 
>> Of course not, you silly duck!
>> 
>> There is an advantage to having all the nutters congregating on one place -- 
>> you know exactly where to find them.  Granted, the advantage is not exactly 
>> the same as we apply to politicians (or lawyers) who are kepts all in one 
>> place so that kinetic weapons can dispatch the whole lot at one go if 
>> necessary.
>> 
>> However, your solution of sweeping things you do not like under the rug is 
>> ill-conceived if not brain-dead in conception and you must not be permitted 
>> to carry out your objectives.  The fate of the free world depends on it.
>> 
>> However, do not worry.  US AG William Barr is doing a fine job deploying his 
>> "backdoors".  Why just the other day one of them was used to shut down the 
>> Georgia State Public Safety Services, and prior to that his "backdoors" were 
>> used to shut down several city computer systems in Florida and even the City 
>> of Baltimore.  Good work with those backdoors, Mr. Barr.  Job well done!
>> 
>> It is nincompoops who do not think about what they are doing that create 
>> such a bloody mess of things.  They should let the adults take care of it.
>> 
>> Now, enough of this off-topic stuff and back to our regularly scheduled 
>> programming.
>> 
>> -- 
>> The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
>> lot about anticipated traffic volume.
>> 
>> 
>> 
>> 
>> 

Re: What can ISPs do better? Removing racism out of internet

[Niels Bakker]

* m...@beckman.org (Mel Beckman) [Mon 05 Aug 2019, 17:21 CEST]:
Cloudfare is being foolish, and hypocritical. They freely, for 
example, carry the equally offensive content of Antifa. Are they 
going to cut them off too?


Finally, a centrist to point out the true culprits of all this violence

Re: [nanog] Cisco GLBP/HSRP question -- Has it ever been dis

[Nicolas Chabbey]

Are there any good reasons of using proprietary FHRPs like HSRP and GLBP
over VRRP ?

I know that one reason may be interoperability with some vendors
equipment and old gears, but VRRPv3 is now widely used, in particular
for IPv6.

Also VRRP can be easily extended with proprietary extensions and looks
very similar to HSRP in its operation.

Regards.

On 04/08/2019 21:40, cyrus ramirez via NANOG wrote:
> If you're looking for vendor neutral FHRP, VRRP has RFC documentation.
> GLBP and HSRP are Cisco proprietary protocols and are protected
> information other than the study material and how too out there.
> 
> Cyrus
> 
> Sent from Yahoo Mail on Android
> 
> 
> On Sat, Aug 3, 2019 at 10:19 AM, Chriztoffer Hansen
>  wrote:
> 
> Saku Ytti wrote on 03/08/2019 15:49:
> > I don't think any work for GLBP exists in IETF.
> 
> A shot in the dark. Correct.
> 
> 
> https://www.google.com/#q=%28"GLBP"%7C"Gateway+Load+Balancing"+Protocol%7C"Global+Load+Balancing"+Protocol%29+AND+inurl%3Adatatracker+AND+inurl%3Aietf
> 
> (My IETF history is short. =I won't know any older history.)
> 
> ... I doubt any current or previous Cisco folks on the list would want
> to chirm in about history from inside Cisco on the GLBP topic...(?)
> 
> 
> -- 
> Best regards,
> Chriztoffer
> 

Re: What can ISPs do better? Removing racism out of internet

[Mike Bolitho]

"I am sure there are many sites like this out there, but could network
operators do anything to make these sites “not so easy” to be found,
reached, and used to end innocent lives?"

As network operators? We shouldn't do anything. The onus falls on the
hosting companies. I do not want to go down the slippery slope of deciding
what traffic should or should not be allowed on the internet. That process
involves traffic sniffing and possibly attempting to break encryption to
see what's flowing through the pipes. I'm adamantly against that.

If I'm building and maintaining highways, I'm not opening up every single
truck to make sure there's nobody being smuggled inside. The trucking
company can police what cargo is in their trailers.

On Sun, Aug 4, 2019, 8:42 PM Mehmet Akcin  wrote:

> Ok, two mass shootings, touchy topic, lots of emotions this weekend. Going
> straight to the point.
>
> Most of us who operate internet services believe in not being the
> moderator of internet. We provide a service and that’s it. Obviously there
> are some established laws around protecting copyrights, and other things
> which force us to legally take action and turn things down when reported.
>
> What can we do better as network operators about hate sites like 8Chan?
>
> I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan
> off its platform today after El Paso attack.
> https://blog.cloudflare.com/terminating-service-for-8chan/
>
> I am sure there are many sites like this out there, but could network
> operators do anything to make these sites “not so easy” to be found,
> reached, and used to end innocent lives?
>
> Mehmet
>
>
> --
> Mehmet
> +1-424-298-1903
>

Re: OT: Tech bag

[Michel 'ic' Luczak]

Hi,

> On 2 Aug 2019, at 18:14, Dovid Bender  wrote:
> 
> Hi,
> 
> Sorry for the OT email. I travel extensively to DC's and my computer bag 
> seems to keep collecting more tools which includes your usual console cables, 
> spare everything, two laptops etc. My Swissgear has been taking a beating and 
> I was wondering what others who have to lug around 30-35 pounds use.

I regularly put two 15” laptops in this 
https://brenthaven.com/product/metrolite-laptop-backpack/ 
 and front pocket is 
packet with tools, PSUs, wires, …

/ic

Re: What can ISPs do better? Removing racism out of internet

[Mel Beckman]

“Now, enough of this off-topic stuff and back to our regularly scheduled 
programming.”

Keith, what could be more on-topic than an ISP’s status as a common carrier? 
Seems pretty operational to me. 

 -mel 

> On Aug 5, 2019, at 8:06 AM, Keith Medcalf  wrote:
> 
> Now, enough of this off-topic stuff and back to our regularly scheduled 
> programming.

Re: What can ISPs do better? Removing racism out of internet

[Töma Gavrichenkov]

Peace,

On Mon, Aug 5, 2019 at 6:42 AM Mehmet Akcin  wrote:
> What can we do better as network operators about
> hate sites like 8Chan?

About nothing, because recent IETF developments like QUIC, ESNI, or
MASQUE would completely prohibit you from figuring out what sites you,
as an ISP, are giving an access to.  This is, uh, the very point of
those developments.

> I applaud cloudflare’s (perhaps slightly late) decision on
> kicking 8chan off its platform today after El Paso attack.

The 8chan shutdown is no more than a one off.  And I assume 8chan just
needs to change the name to get their service back.  There's no trend
whatsoever.

This is also sooo funny, because Cloudflare is happily protecting even
DDoS booters for almost a decade.

$ host -t A ddos-black.info
ddos-black.info has address 104.31.72.53
ddos-black.info has address 104.31.73.53
$ whois 104.31.72.53 | grep OrgName:
OrgName:Cloudflare, Inc.
$ host -t A ddos-stress.cc
ddos-stress.cc has address 104.28.4.14
ddos-stress.cc has address 104.28.5.14
$ whois 104.28.4.14 | grep OrgName:
OrgName:Cloudflare, Inc.
$

Those booters basically only exist because Cloudflare, OVH, and others
allow them to.  A booter business isn't very steady and profitable.
Without a cheap DDoS protection those services would be dead in weeks,
because sometimes their operators don't even know how to mitigate
their own attacks themselves.  So they get that protection from
Cloudflare, because apparently that doesn't violate "the Cloudflare
mission to help build a better Internet".

This is just one example.  Carding fraud, malware, illegal munitions,
drugs, whatever.  It's all there.  But, ya know, all those are much
better than some imageboard outta there. The latter is the root of all
evil.

--
Töma

SAFNOG-5 Call For Papers Deadline

[Portia Rabonda]

Greetings,



It's August and the SAFNOG-5 countdown has officially begun!

[cid:924e4f24-b227-4750-bee8-fba8c0dd64d9]There's only 2 DAYS left for paper 
submissions. If you are keen to present/share your expertise on the relevant 
topics

below, submit your paper online at http://www.safnog.org/call-for-papers.html 
by Monday, 5th August  at latest.

Topics proposed must be relevant to Internet Operations and Technologies:

- IPv4 / IPv6 Routing and Operations
- IPv6 deployment and transition technologies
- Internet backbone operations
- ISP and Carrier services
- IXPs and Peering
- Research on Internet Operations and Deployment
- Software Defined Networking / Network Function Virtualisation
- Network security issues (NSP-SEC, DDoS, Anti-Spam, Anti-Malware)
- DNS / DNSSEC
- Internet policy (Security, Regulation, Content Management, Addressing, 
etc)
- Access and Transport Technologies, including Cable/DSL, LTE/5G, wireless, 
metro ethernet, fibre, segment routing
- Content & Service Delivery (Multicast, Voice, Video, "telepresence", 
Gaming) and Cloud Computing



Don't hesitate to contact the Programme Committee at 
safnog-pc-cha...@safnog.org with any 
questions.



We look forward to receiving your presentation proposals.



Regards,



SAFNOG-5 Programme Committee

Re: What can ISPs do better? Removing racism out of internet

[Mel Beckman]

Mehmet,

I’m not sure if you understand the terms under which ISPs operate as “common 
carriers”, and thus enjoy immunity from lawsuits due to the acts of their 
customers. ISPs such as Cloudfare can no more disconnect customers for legal, 
if offensive, content than the phone company can, without losing that common 
carrier status.

Cloudfare is being foolish, and hypocritical. They freely, for example, carry 
the equally offensive content of Antifa. Are they going to cut them off too?

In America we have the right to free speech, and the right to use common 
carriers to carry that speech. If a common carrier chooses to censor legal 
speech, which is what Cloudfare has done, then it loses its CC status and can 
now be sued for that speech.

 -mel beckman

> On Aug 5, 2019, at 8:06 AM, Keith Medcalf  wrote:
> 
> 
>> On Sunday, 4 August, 2019 21:41, Mehmet Akcin  wrote:
>> 
>> Most of us who operate internet services believe in not being the
>> moderator of internet. We provide a service and that’s it. Obviously
>> there are some established laws around protecting copyrights, and
>> other things which force us to legally take action and turn things
>> down when reported.
> 
>> What can we do better as network operators about hate sites like
>> 8Chan?
> 
>> I applaud cloudflare’s (perhaps slightly late) decision on kicking
>> 8chan off its platform today after El Paso attack.
>> https://blog.cloudflare.com/terminating-service-for-8chan/
> 
>> I am sure there are many sites like this out there, but could network
>> operators do anything to make these sites “not so easy” to be found,
>> reached, and used to end innocent lives?
> 
> I do not quite understand this.  
> 
> In days of yore, nutters used to send their screeds to Newspapers, TV and 
> Radio stations.  Did you shut them down or move them to frequencies that 
> could not be received with COTS TVs and Radios?  Did you ban the newspapers, 
> put them out of business, or make it so their broadsheet was only available 
> by travelling by aeroplane for 8 hours before breakfast?
> 
> Of course not, you silly duck!
> 
> There is an advantage to having all the nutters congregating on one place -- 
> you know exactly where to find them.  Granted, the advantage is not exactly 
> the same as we apply to politicians (or lawyers) who are kepts all in one 
> place so that kinetic weapons can dispatch the whole lot at one go if 
> necessary.
> 
> However, your solution of sweeping things you do not like under the rug is 
> ill-conceived if not brain-dead in conception and you must not be permitted 
> to carry out your objectives.  The fate of the free world depends on it.
> 
> However, do not worry.  US AG William Barr is doing a fine job deploying his 
> "backdoors".  Why just the other day one of them was used to shut down the 
> Georgia State Public Safety Services, and prior to that his "backdoors" were 
> used to shut down several city computer systems in Florida and even the City 
> of Baltimore.  Good work with those backdoors, Mr. Barr.  Job well done!
> 
> It is nincompoops who do not think about what they are doing that create such 
> a bloody mess of things.  They should let the adults take care of it.
> 
> Now, enough of this off-topic stuff and back to our regularly scheduled 
> programming.
> 
> -- 
> The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
> lot about anticipated traffic volume.
> 
> 
> 
> 
> 

RFC 5771 - Global Multicast Addresses

[Brandon James]

Good Evening,

I'm looking for some insight into the usage of a few of the blocks defined in 
RFC 5771 (and IPv6 Multicast Addressing as described in RFC 4291 and 7346) , 
specifically regarding their use on the public internet. I know multicast isn't 
routed  on the public internet. However, it appears that this may be due to 
operational issues and concerns or that it was simply never implemented. The 
specific blocks I'm looking at are (as defined in RFC 5771 Section 3-10:

Internetwork Control Block - 224.0.1.0/24
> Addresses in the Internetwork Control Block are used for protocol control 
> traffic that MAY be forwarded through the Internet

AD-HOC Blocks (I, II, and III) - 224.0.2.0 - 224.0.255.255, 224.3.0.0 - 
224.4.255.255, and 233.252.0.0 - 233.255.255.255
> These addresses MAY be globally routed

GLOP Block (233/8) - Global routing is never mentioned in RFC 5771, but given 
the context and the use of ASNs, I'm not sure if the intention was for these to 
be publicly routable or to simply to guarantee that the address would be unique 
within your AS (are large telcos and webscale companies exhausting 239.0.0.0/8?)

IPv6 Multicast Addresses with scope 0xE - The RFC doesn't really go into detail 
on how these would be used.

As a young network engineer (no historic perspective) and only SMB and 
enterprise experience. It seems like the intention was to allow these to be 
publicly routed, but it would be a nightmare to implement so it never was.

You'd probably require PIM Sparse Mode (we can't flood traffic to the entire 
internet), RPs would need to be advertised somehow (maybe BSR could be 
implemented with RP advertisements coming from the providers edge?). RPF would 
be a constant process and shortest path trees would change constantly.

That's all without mentioning 224.0.1.0/24 is tiny and the AD-HOC and GLOP 
blocks aren't exactly huge given the size of the internet.

I'd love to hear what others have to say about this, maybe get some historic 
perspective and thoughts on whether or not any of this will change as IPv6 
adoption increases. I'd also love to see any guidance on actually implementing 
multicast on the internet from IANA or the IETF (or guidance that says that it 
should not or can not be done) as I wasn't able to find any.

Regards,

Brandon

Re: OT: Tech bag

[John Covici]

Maybe I made a mistake, let me try again.   its
https://www.tombihnn.com, sorry about that.
On Fri, 02 Aug 2019 14:54:49 -0400,
Christopher Morrow wrote:
> 
> On Fri, Aug 2, 2019 at 2:50 PM John Covici  wrote:
> >
> > https://www.tombin.com has some great bags for laptops, etc.  Not
> 
> 'server has no ip address' .
> $ ping www.tombin.com
> PING www.tombin.com (127.0.0.1)
> 
> good try to get us all infected by malware...
> 
> On a less funny note, try out some of the various osprey bags.
> 
> 
> > cheap but very good stuff.
> >
> > On Fri, 02 Aug 2019 12:19:08 -0400,
> > Hunter Fuller wrote:
> > >
> > > I carry this. It's a preference I gained in my past life:
> > > https://www.kleintools.com/catalog/tool-storage/tradesman-pro-backpack
> > >
> > > I put my notebook (Surface Pro) in a sleeve and sandwich it between
> > > the halves. It hasn't gotten crushed to death yet. I'll admit this is
> > > not optimal.
> > >
> > > This one has since been released, and it has a laptop compartment. My
> > > co-worker loves it:
> > > https://www.kleintools.com/catalog/tradesman-pro-organizers/tradesman-pro-tech-backpack
> > >
> > > On Fri, Aug 2, 2019 at 11:14 AM Dovid Bender  wrote:
> > > >
> > > > Hi,
> > > >
> > > > Sorry for the OT email. I travel extensively to DC's and my computer 
> > > > bag seems to keep collecting more tools which includes your usual 
> > > > console cables, spare everything, two laptops etc. My Swissgear has 
> > > > been taking a beating and I was wondering what others who have to lug 
> > > > around 30-35 pounds use.
> > > >
> > > > TIA.
> > > >
> > > >
> > >
> >
> > --
> > Your life is like a penny.  You're going to lose it.  The question is:
> > How do
> > you spend it?
> >
> >  John Covici wb2una
> >  cov...@ccs.covici.com
> 

-- 
Your life is like a penny.  You're going to lose it.  The question is:
How do
you spend it?

 John Covici wb2una
 cov...@ccs.covici.com

Re: What can ISPs do better? Removing racism out of internet

[Joe Hamelin]

Well, once they let NetOps fire sales staff we can get some traction going.
--
Joe Hamelin, W7COM, Tulalip, WA, +1 (360) 474-7474


On Sun, Aug 4, 2019 at 8:42 PM Mehmet Akcin  wrote:

> Ok, two mass shootings, touchy topic, lots of emotions this weekend. Going
> straight to the point.
>
> Most of us who operate internet services believe in not being the
> moderator of internet. We provide a service and that’s it. Obviously there
> are some established laws around protecting copyrights, and other things
> which force us to legally take action and turn things down when reported.
>
> What can we do better as network operators about hate sites like 8Chan?
>
> I applaud cloudflare’s (perhaps slightly late) decision on kicking 8chan
> off its platform today after El Paso attack.
> https://blog.cloudflare.com/terminating-service-for-8chan/
>
> I am sure there are many sites like this out there, but could network
> operators do anything to make these sites “not so easy” to be found,
> reached, and used to end innocent lives?
>
> Mehmet
>
>
> --
> Mehmet
> +1-424-298-1903
>

Re: Best ways to ensure redundancy with no terrestrial ISPs

[Nikos Leontsinis]

Agree 

> On 4 Aug 2019, at 18:50, Fred Baker  wrote:
> 
> Between overlaid ads and the thing trying to force an account, i’d Describe 
> it as a waste of time. Now, a page that delivered the data advertised...
> 
> Sent using a machine that autocorrects in interesting ways...
> 
>> On Aug 3, 2019, at 3:36 PM, Mehmet Akcin  wrote:
>> 
>> 
>> Feel free to open live.infrapedia.com on mobile. Click on share location 
>> icon. And it will show 3D view of any fiber near by. 
>> 
>> We are thinking about adding wireless networks too and maybe overlaying 
>> national cell phone coverage maps
>> 
>>> On Sat, Aug 3, 2019 at 14:21 Mark Tinka  wrote:
>>> 
>>> 
 On 3/Aug/19 23:09, Ross Tajvar wrote:
> On Sat, Aug 3, 2019 at 4:30 PM Brian Henson  wrote:
> If we had a location (or at least a part of the world) we might be able 
> to recommend a little better. 
 
 
 This is in northern Africa.
>>> 
>>> Hmmh - normally, when someone says North America, it's one of 2 countries. 
>>> Not much fuss there...
>>> 
>>> North Africa (by some kind of definition) is 8 or 10 countries, depending 
>>> on what you feel North Africa means.
>>> 
>>> In short, you'll have to be more specific than that...
>>> 
>>> 
>>> Mark.
>>> 
>> -- 
>> Mehmet
>> +1-424-298-1903

RE: What can ISPs do better? Removing racism out of internet

[Keith Medcalf]

On Sunday, 4 August, 2019 21:41, Mehmet Akcin  wrote:

>Most of us who operate internet services believe in not being the
>moderator of internet. We provide a service and that’s it. Obviously
>there are some established laws around protecting copyrights, and
>other things which force us to legally take action and turn things
>down when reported.

>What can we do better as network operators about hate sites like
>8Chan?

>I applaud cloudflare’s (perhaps slightly late) decision on kicking
>8chan off its platform today after El Paso attack.
>https://blog.cloudflare.com/terminating-service-for-8chan/

>I am sure there are many sites like this out there, but could network
>operators do anything to make these sites “not so easy” to be found,
>reached, and used to end innocent lives?

I do not quite understand this.

In days of yore, nutters used to send their screeds to Newspapers, TV and Radio 
stations.  Did you shut them down or move them to frequencies that could not be 
received with COTS TVs and Radios?  Did you ban the newspapers, put them out of 
business, or make it so their broadsheet was only available by travelling by 
aeroplane for 8 hours before breakfast?

Of course not, you silly duck!

There is an advantage to having all the nutters congregating on one place -- 
you know exactly where to find them.  Granted, the advantage is not exactly the 
same as we apply to politicians (or lawyers) who are kepts all in one place so 
that kinetic weapons can dispatch the whole lot at one go if necessary.

However, your solution of sweeping things you do not like under the rug is 
ill-conceived if not brain-dead in conception and you must not be permitted to 
carry out your objectives.  The fate of the free world depends on it.

However, do not worry.  US AG William Barr is doing a fine job deploying his 
"backdoors".  Why just the other day one of them was used to shut down the 
Georgia State Public Safety Services, and prior to that his "backdoors" were 
used to shut down several city computer systems in Florida and even the City of 
Baltimore.  Good work with those backdoors, Mr. Barr.  Job well done!

It is nincompoops who do not think about what they are doing that create such a 
bloody mess of things.  They should let the adults take care of it.

Now, enough of this off-topic stuff and back to our regularly scheduled 
programming.

--
The fact that there's a Highway to Hell but only a Stairway to Heaven says a 
lot about anticipated traffic volume.

Re: Best ways to ensure redundancy with no terrestrial ISPs

[Tony Finch]

Fred Baker  wrote:
> > On Aug 3, 2019, at 3:36 PM, Mehmet Akcin  wrote:
> >
> > Feel free to open live.infrapedia.com on mobile.

> Between overlaid ads and the thing trying to force an account, i’d
> Describe it as a waste of time. Now, a page that delivered the data
> advertised...

https://openinframap.org/ works a lot better.

Tony.
-- 
f.anthony.n.finchhttp://dotat.at/
justice and liberty cannot be confined by national boundaries

Re: Xfinity with IPv6 clue?

[Chriztoffer Hansen]

Janet,

Did an actual person follow up with you privately after ipv6 got working
on your connection? ... Or was it more like magic silence from their
end. And suddenly it "just" worked?

/Chriztoffer

On 05/08/2019 04:00, Ross Tajvar wrote:
> Did you get in touch with someone? What was the problem?

Re: User Unknown (WAS: really amazon?)

[Scott Christopher]

Rubens Kuhl wrote: 

> I don't think that "companies with tons of lawyers" should be a factor in 
> making resource allocation policies. But considering either small or big 
> networks, an escalation path would reduce friction and increase overall 
> compliance... for instance, failure to have functioning abuse PoC could lead 
> first to being inegible to receive new resources. 

It's not about $BIGCORP having lots of corporate lawyers imposing its will on 
the small guys - it's about Amazon's role as a public utility, upon which many 
many many important things depend.

S.C.

Re: MAP-E

[JORDI PALET MARTINEZ via NANOG]

This is not surprising to me as Dlink was one of my co-authors for RFC8585 ... 
and they indicated in v6ops that implementing CLAT was really easy. I guess 
they need to improve the GUI, etc.

Note that with 464XLAT, you still need the NAT64 at the ISP side, and also, the 
traceroutes will shows something weird, so not trustable unless you understand 
very well how it works. However, testing a web site or other services will work 
fine.

Regards,
Jordi
@jordipalet
 
 

El 5/8/19 3:45, "NANOG en nombre de Philip Loenneker"  escribió:

Moving away from the discussion around what technology people may choose to 
go with, and instead what CPEs may be suitable...

I know this is 464XLAT rather than MAP-E that was originally requested, but 
recent versions of D-Link firmware, eg for the DVA-2800, include the CLAT 
functionality. My testing in November last year showed that it only partially 
worked, with the traceroutes to 64:ff9b::1.1.1.1 working, but it would not 
automatically translate a traceroute to 1.1.1.1 to the IPv6 version. There have 
been a few new revisions since then and it is on my to-do list to re-test 
things, but I haven't had the time. 

It is also worth noting that, in the original firmware revision I tested, I 
had to manually enter the URL for the CLAT configuration screen. It simply 
wasn't on the menu. On another version, it had a link to DS-Lite configuration, 
and from there you get a link to the CLAT options. It is possible that other 
devices and/or vendors also have this option, or options for similar 
technologies such as MAP-E, but they just don't have a link to it in the 
interface.

-Original Message-
From: NANOG  On Behalf Of Masataka Ohta
Sent: Monday, 5 August 2019 11:07 AM
To: nanog@nanog.org
Subject: Re: MAP-E

Baldur Norddahl wrote:

> Or the case of Playstation network. Yes they WILL blacklist your CGN 
> just the same as they can blacklist a shared MAP ip address. Except it 
> affects more users.

If IP address sharing by blocks of ports becomes common and there is 
typical block size (say, 1024), blacklisting will be done block-wise.

Masataka Ohta




**
IPv4 is over
Are you ready for the new Internet ?
http://www.theipv6company.com
The IPv6 Company

This electronic message contains information which may be privileged or 
confidential. The information is intended to be for the exclusive use of the 
individual(s) named above and further non-explicilty authorized disclosure, 
copying, distribution or use of the contents of this information, even if 
partially, including attached files, is strictly prohibited and will be 
considered a criminal offense. If you are not the intended recipient be aware 
that any disclosure, copying, distribution or use of the contents of this 
information, even if partially, including attached files, is strictly 
prohibited, will be considered a criminal offense, so you must reply to the 
original sender to inform about this communication and delete it.

Re: [nanog] Cisco GLBP/HSRP question -- Has it ever been dis

[Fred Baker]

> On Aug 4, 2019, at 5:29 PM, Chriztoffer Hansen  
> wrote:
> 
> The question was simply about if GLBP/HSRP had ever been up in discussions in 
> the IETF concerning publishing the protocol specifications as a standard. (As 
> pointed out. I totally forgot about the RFC concerning HSRP.) Haven't gotten 
> a response on the GLBP part. Which I am more than doubtful, myself, will ever 
> come to fruition as a standard in an IETF WG.

AFAIK (and any specific knowledge I have of Cisco is dated), Cisco has not 
asked the IETF to standardize its proprietary protocol. An obvious start would 
be for Cisco customers to ask Cisco to do so.

With HSRP/VRRP, someone wrote a specification that they thought Would 
accomplish the Cisco-proprietary objectives, and championed that through IETF 
processes. At least part of that had to do with a Cisco competitor and someone 
who had a bee in their bonnet. I'm not telling you to do that (my observation 
of HSRP/VRRP is that the result has been two competing protocols, not a winner 
and a loser), but it's a question you might ask your vendor about.

Re: What can ISPs do better? Removing racism out of internet

[Fred Baker]

> On Aug 4, 2019, at 8:41 PM, Mehmet Akcin  wrote:
> 
> I am sure there are many sites like this out there, but could network 
> operators do anything to make these sites “not so easy” to be found, reached, 
> and used to end innocent lives?

I''d suggest reducing their reputation rankings, as reported by SpamHous and 
their kin. That's not to say that "Spamhaus and their kin must", although that 
would be one implementation. Another would be to include them also some other 
ranking mechanism in the analysis, and reduce the reputation of such sites in 
the implied alternative.

Another would be to include such rankings in their calculations of whom to 
accept as customers - BGP or otherwise - and if some AS seems to accept such as 
customers, not accept them. I imagine they do, to some extent, but this could 
be followed up more closely.